Overview

overview

10

Static

static

3

Catalog.exe

windows7-x64

10

Catalog.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    17-06-2024 16:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Catalog.exe

  • Size

    714KB

  • MD5

    3af928b8c8ff9993e7567360d26275e6

  • SHA1

    b3a79f4b6fa9f4bcc4c8bab8b6eda8df3b0f0ee0

  • SHA256

    1206ddd174f5df61f70259ac6da12226590232dd5f70d3139aa290d381efecbe

  • SHA512

    9ef73554db5164ec5944b493d555e93182b0945f2f2a6a19e80b7598fe7b65a2f8a1dc4c3a09858683d8c38233af0763f4c68a9a5ff294420ed75b9a59e7ed87

  • SSDEEP

    12288:/cFUncJ54irus265GoqlDX1YH0COI+w7Ror6PpGg+l2K3RYUOQmT/3iJusPIW6F:lnYnuRcBIoGblBhk/qIX

Score
10/10
azorultinfostealertrojan

Malware Config

Extracted

Family

azorult

C2

http://207.154.240.23/index.php

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Catalog.exe
    "C:\Users\Admin\AppData\Local\Temp\Catalog.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\Catalog.exe
      "C:\Users\Admin\AppData\Local\Temp\Catalog.exe"
      2⤵
        PID:2848

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2848-4-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2848-7-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2848-8-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2848-9-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2848-13-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2848-16-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2976-0-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2976-2-0x00000000005F0000-0x0000000000600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2976-1-0x00000000005F0000-0x0000000000600000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2976-3-0x0000000000610000-0x0000000000611000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2976-5-0x0000000000400000-0x00000000004B9000-memory.dmp

      Filesize

      740KB

      Download